Re: Advantage(s) of static over dynamic nftables sets?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Florian Westphal <fw@strlen.de>
To: Frank Myhr <fmyhr@fhmtech.com>
Cc: Florian Westphal <fw@strlen.de>,
	"netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: Advantage(s) of static over dynamic nftables sets?
Date: Thu, 19 Mar 2020 01:08:34 +0100	[thread overview]
Message-ID: <20200319000834.GN979@breakpoint.cc> (raw)
In-Reply-To: <490f10f9-33fa-c85d-9fd3-4dfae823166a@fhmtech.com>

Frank Myhr <fmyhr@fhmtech.com> wrote:
> > > I suppose intervals are more efficient than an equivalent group of single
> > > elements?
> > 
> > Memory-wise yes, performance-wise no.
> 
> Also good to know.
> 
> > > Is a concatenation like ipv4_addr . inet_service as efficient as a pure data
> > > type with the same number of bits?
> > 
> > Yes, as it makes no difference for the storage.  The kernel doesn't know
> > what its storing, it only knows the size of the element.
> > 
> > It does store a 'type' information, but that is only used by nftables
> > so it knows how to format the elements when listing the ruleset.
> 
> Thanks for confirming, and for all of your detailed answers.
> 
> If you find the time (and if it's comprehensible to a non-kernel
> programmer): How does a dynamic set change the above situation? Does it use
> a hash table for everything?

Yes, dynamic set always uses 'rhashtable' backend, thats the only type
that supports insertion from the packet path.

We have 3 hash tables, a simple one for 32bit keys, one for static sets
(table size decided at creation time) and rhashtable (table size is
auto-resized as needed).

next prev parent reply	other threads:[~2020-03-19  0:08 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-18 21:17 Advantage(s) of static over dynamic nftables sets? Frank Myhr
2020-03-18 21:35 ` Florian Westphal
2020-03-18 22:11   ` Frank Myhr
2020-03-18 22:51     ` Florian Westphal
2020-03-18 23:14       ` Frank Myhr
2020-03-19  0:08         ` Florian Westphal [this message]
2020-03-19  0:21           ` Frank Myhr

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200319000834.GN979@breakpoint.cc \
    --to=fw@strlen.de \
    --cc=fmyhr@fhmtech.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.